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DETAILED ACTION 

1 . Claims 1 -30 are presented for examination. 



Claim Rejections - 35 USC §102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 
122(b), by another filed in the United States before the invention by the applicant for 
patent or (2) a patent granted on an application for patent by another filed in the United 
States before the invention by the applicant for patent, except that an international 
application filed under the treaty defined in section 351(a) shall have the effects for 
purposes of this subsection of an application filed in the United States only if the 
international application designated the United States and was published under Article 
21(2) of such treaty in the English language. 

2. Claims 1-6, 10-19, 21-30 are rejected under 35 U.S.C. 102(e) as being anticipated by Gai 
etal., US pat. No.6,65 1,096. 

As to claim 1, Gai discloses a method, comprising: 

defining a plurality of first rules made up of relatively less complex second rules (see abstract, 
fig.4, col.6 line 32 to col.7 line 39); 

defining a policy having at least some of the plurality of first rules and defining corresponding 
actions to undertake that are related to communication of a packet within a network (using access 
control list ACL, see col.7 lines 15-58); 

converting the first rules into minterm representations and generating a bit mask for each of the 
second rules based on their presence in the minterrn representations (see col. 8 lines 7-49 and 
col. 15 lines 15-57); 
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using the generated bit masks and content in a header of the packet to evaluate the plurality of 
first rules in the policy and to determine a corresponding action to undertake (see col. 16 lines 6- 
61). 



As to claim 2, Gai discloses using the content in the header of the packet to evaluate the plurality 
of first rules includes using content in fields of a hypertext transfer protocol (HTTP) header of 
the packet (see col.2 lines 9-40 and col. 8 lines 7-49). 

As to claim 3, Gai discloses using content in the fields of the HTTP header of the packet includes 
using content from at least one of header value, header name, universal resource locator string, 
method, hostname, cookie, defined, and undefined fields of the HTTP header (see col.2 lines 9- 
40 and col.8 lines 7-49). 

As to claim 4, Gai discloses defining the plurality of first rules made up of relatively less 
complex second rules includes defining the first rules by nesting the second rules using logical 
operators (see col. 12 lines 8-62 and col. 13 lines 25-65). 

As to claim 5, Gai discloses defining the corresponding actions to undertake that are related to 
communication of the packet within the network includes at least one of defining forward, 
redirect, persist, reply error, and reset client actions for each set of matching first rules in the 
policy (see col. 12 lines 8-62 and col. 13 lines 25-65). 
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As to claim 6, Gai discloses converting the first rules into minterm representations includes 
converting the first rules into minterms having sums of products of the second rules, and storing 
the minterms in a minterm data structure (see col. 8 lines 7-49 and col. 15 lines 15-57). 

As to claim 10, Gai discloses a method, comprising: 

defining a plurality of complex rules made up of simpler rules and being indicative of actions to 
take relative to processing of a packet communicated within a network (see abstract, fig.4, col. 6 
line 32 to col.7 line 39); 

converting the complex rules into minterm representations and generating a bit mask for each 
simpler rule based on the minterm representations of the complex rules (see col. 8 lines 7-49 and 
coL 15 lines 15-57); 

examining header content of the packet; and using the header content of the packet and the bit 
masks to evaluate the complex rules represented as minterms, and determining which action to 
undertake relative to that packet in accordance with results of the evaluation (see col. 16 lines 6- 
61). 

As to claim 11, Gai discloses using the header content of the packet and the bit masks to evaluate 
the complex rules represented as minterms includes: determining which simpler rules correspond 
to the header content; determining the bit masks for these simpler rules and performing a logical 
operation on these bit masks to generate a new bit mask; and determining a complex rule that 
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matches the header content from a minterm identifiable from the new bit mask (see col.15 lines 
15-57 and col. 16 lines 6-61). 

As to claim 12, Gai discloses generating the bit mask for each simpler rule includes generating 
bit position values in the bit mask based on whether a particular simpler rule is present in a 
minterrn (see col. 12 lines 8-62 and col.15 lines 15-57). 

As to claim 13, Gai discloses placing simpler rules of similar rule type in a common data 
structure and searching each data structure for a specific rule that corresponds to the header 
content (see col. 12 lines 8-62 and col. 13 lines 25-65). 

As to claim 14, Gai discloses defining the plurality of complex rules made up of simpler rules 
includes using a plurality of logical operators to relate a plurality of simpler rules to form at least 
one complex rule (see col. 12 lines 8-62 and col. 13 lines 25-65). 

As to claim 15, Gai discloses a method, comprising: 

reducing a first rule into at least one minterm made of a plurality of second rules that are less 
complex relative to the first rule (see abstract, fig.4, col.6 line 32 to col.7 line 39); 
generating a bit mask for each of the second rules and for data from any field in a header of a 
packet, determining which second rules correspond to that data (see col. 8 lines 7-49 and col.15 
lines 15-57); 

applying a logical operation to the bit masks of the second rules corresponding to the data to 
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obtain a new bit mask and determining an action to undertake related to the packet from a 
minterm validated via the new bit mask (see col. 16 lines 6-61). 

As to claim 16, Gai discloses applying the logical operation to the bit masks of the second rules 
to obtain the new bit mask includes applying an AND operation to these bit masks, and wherein 
determining the action to undertake from the minterrn validated via the new bit mask includes 
identifying the minterm from a first non-zero bit position in the new bit mask (see col. 15 lines 
15-57 and col.16 lines 6-61). 

As to claim 1 7, Gai discloses generating the bit mask for each of the second rules includes 
determining bit position values of the bit mask based on whether a particular second rule is 
present in a given minterm (see col. 15 lines 15-57 and col.16 lines 6-61). 

As to claim 1 8, Gai discloses examining data in fields of the header in addition to hostname, 
URL, and cookie fields and searching for second rules corresponding to this data in separate data 
structures organized according to rule types (see col. 12 lines 8-62 and col. 13 lines 25-65). 

Claim 19 is rejected for the same reasons set forth in claim 1. 

As to claim 21, Gai discloses that the instructions to use the generated bit masks and content in 
the header of the packet to evaluate the plurality of first rules in the policy and to determine the 
corresponding action to undertake includes instructions to: search for a second rule in each rule 
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type database that corresponds to content in the packet and for second rules located by the 
searching, obtain the corresponding generated bit masks; apply a logical operation to the 
obtained bit masks to generate a new bit mask locate a first enabled bit position of the new bit 
mask, and designate a first rule in a minterm corresponding to that bit position as a match (see 
col. 15 lines 15-57 and col. 16 lines 6-61). 

Claims 22-24 are rejected for the same reasons set forth in claims 10, 1 1 and 13 respectively. 

As to claim 25, Gai discloses a means for communicating between a client device and a network 
component (see abstract, fig.4, col.6 line 32 to col. 7 line 39). 

Claim 26 is rejected for the same reasons set forth in claim 15. 

As to claim 27, Gai discloses at least one of the data structure, first component, second 
component, and third component are located in a switch that can receive the packet (see col. 12 
lines 8-62 and col. 13 lines 25-65). 

As to claim 28, Gai discloses that the data structure includes a plurality of rule type data 
structures that correspondingly store second rules of similar rule types (see col. 12 lines 8-62 and 
col. 13 lines 25-65). 

Claims 29 and 30 are rejected for the same reasons set forth in claims 2 and 4 respectively. 
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Allowable Subject Matter 

3. Claims 7-9 and 20 are objected to as being dependent upon a rejected base claim, but 
would be allowable if rewritten in independent form including all of the limitations of the base 
claim and any intervening claims. 

Other prior art cited 

4. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

a. Moon, US pub. No.2007/01 18339. 

b. Brown etal, US pat. No.5,94 1,947. 

c. Shoroff et al, US pat. No.6,381,602. 

Conclusion 

5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Khanh Dinh whose telephone number is (571) 272-3936. The 
examiner can normally be reached on Monday through Friday from 8:00 A.m. to 5:00 P.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Zarni Maung, can be reached on (571) 272-3939. The fax phone number for this 
group is (571)273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
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may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Any response to this action should be mailed to: 

Commissioner for patents 
PO Box 1450 

Alexandria, VA 22313-1450 




